In support of ISACA’s SheLeadsTech initiative and once again, months of hard work, the Cyber Risk Meetup moved on from a successful Singapore meetup and back to Sydney. At the central high-rise offices of AWS, and sponsored further by Privasec, nearly 150 cyber riskers heard from six special guests in an exclusive two segment panel session.
The Future of Innovation panel, moderated by Igor Shparberg, Director, e-Pocket (Int) and joined by Gillian Findlay, COO, Safety Culture, Frances Bouzo, Head of IT Security, iCare NSW, and Tabitha Bauer Executive Manager of Digital Assurance, CBA kicked off with ‘What gets you up in the morning?’ The panel entered a great discussion, from finding offices for a start-up in Surry Hills, motivating young people, and through to building a commercial minded enterprise but that also makes people feel better. The things we see in cyber security is continually challenging and changing, so it is self-motivating, but with young kids, the alarm clock still helps!
‘How do you keep up and translate it day to day?’ – “I hire people who are smarter than me”, said one panellist. Look at what’s coming. Put in automation and have a mix of people – the questions asked often creates learning and then technically trying to continually improve and set the bar high in cybersecurity.
How important is diversity? In Australia we should do more with it and use it to our advantage, far more so as we work and think globally – in a global industry with global resources. Recruiting on aptitude rather than qualifications is also an important factor, particularly in cybersecurity. Interestingly, but maybe not surprisingly, ‘return to work mothers’ and ‘military veterans’ have both been shown to show positive aptitude for cybersecurity. Maybe it’s the ‘battleground’ traits they share?
The younger generation are doing so much more with technology and the expectation on younger people will continue to be so much more. However, the digital disruption is only just beginning. The way we recruit is still using tunnel vision and we can learn a lot of lessons from the past – a good example is how start-ups can be a source of learning for large enterprise and likewise start-ups can learn from enterprise on how to scale. One good takeaway line was “We don’t have to reinvent, but we have to catch up!”
The second panel, ‘Where do I put my CISOs? moderated by Cyber Risk Meetup organiser Shamane Tan, APAC Cyber Security Advisor, Privasec was joined by Robert Lang, CTO, OpenMarkets, Stuart Mort, CTO – Cyber Security, Optus Business and Wouter Veugelen, CISO, Primary Healthcare. Matching the variety of the panel, was a variety of responses.
CISO’s should be their own line of business, was one view, though in contrast one panellist reported to the CIO. How to get cybersecurity embedded into the enterprise is a well-recognised challenge. Too often plans are put in place after the breach has occurred. Reporting to the CIO is okay but CISOs may still be segregated to have policy freedom and separate to operations. Organisation size and maturity all has an influence on where the CISO may sit.
What skills does a good CISO have? Paranoia is good! Anticipating the unexpected, being able to adapt the language to stakeholders, be across the C-Suite. Cybersecurity can be perceived as complex – trying to use analogies can help, such as brakes on a car are there for safety but allows the car to drive faster. CISOs also need to understand the business and the biggest hurdle can often be the sales team – who and what is really driving the business. Security should enable the business and be engaged.
Dealing with a breach is about learning – and learning fast – is it a technical, people or process fail and then getting all the ducks in a row for communications, legal and executive. If it’s a failure in the risk assessment then the CISO hasn’t done their job.
With a packed room and nearly 100 on a waiting list, this Cyber Risk Meetup was well served with great content, a fascinating networking mix, as well as great food and drink.
If you are looking for an event of quality networking and new connections, or you just want to see what’s the Cyber Risk hype all about – visit www.cyberiskmeetup.com and stay tuned for your next complimentary meetup.
BTW – ARE YOU A POTENTIAL SPONSOR? Chat to Shamane Tan or Chris Cubbage about how you can get exposed in a multi-media package for event and media exposure in Australia and Singapore.
SPEAKER PROFILES
Gillian Findlay is the Chief Operating Officer of SafetyCulture, the creators of the world’s most used safety and quality inspection app, iAuditor and recently launched real-time incident reporting tool, Spotlight. The company currently employs over 220 people in five offices around the world, and recently raised $60M in Series C funding. With over 15 years experience in finance, strategy and operations, Gill is instrumental in navigating the challenges that face a global technology start-up experiencing rapid growth. Prior to working at SafetyCulture, Gill worked in top tier consulting and ASX listed companies.
Frances Bouzo is the Head of IT Security and Risk at icare a provider of insurance and care services to people with injuries under the NSW state government insurance and care scheme. icare delivers insurance and care services to the businesses, people and communities of NSW and is one of the largest insurance providers in Australia. Frances has over 23 years’ experience in information technology with eleven of those specialising in information security and technology risk. Prior to joining icare, Frances held various leadership roles including Global Director Security Risk and Controls at Aon a global provider of risk, retirement and health solutions and IT Security & Operations Manager at Employers Mutual an injury management partner for employers and government agencies. During her tenure at Employers Mutual Frances led the information security program, taking the organisation through the ISO27001 certification process enabling Employers Mutual to achieve and maintain certification. Frances holds a Masters of Management Information Technology and various technology and security certifications including Certified Systems Security Professional (CISSP) and ISO27001 Lead Auditor.
Tabitha Bauer grew up with computers when they had no hard drives and when Battlechess was the coolest game to play! Coding since she was 10, Tabitha has grown up with computers and has followed the industry’s rapid evolution with great enthusiasm. With a strong academic background in networking and artificial intelligence, Tabitha has spent the majority of her career as a Computer Forensic consultant where she investigated the technology aspects of criminal and civil cases in support of law enforcement, regulatory bodies and top-tier law firms. Currently she leads a very talented Digital Assurance team who provide white-hat hacker security testing and application security consulting within the Commonwealth Bank. Tabitha is passionate about educating and supporting young people who want a career in cyber security and works with partnering universities to provide industry relevant teaching material and real-world work experience opportunities.
Igor Shparberg is the Director of e-Pocket, an advanced platform that delivers a sophisticated payment solution. He is an experienced & highly motivated professional with broad experience across banking & broker distribution sales, strategy, capability development, customer and relationship management. With a strong focus on innovation of sales and service channels, his experience in leadership & coaching of diverse teams has seen him developing as an entrepreneur who enjoys the challenge of developing new products with a view of benefiting the society.
Wouter Veugelen is a Chief Information Security Officer with 15+ years of professional experience in technology and cyber security. His industry experience spans different sectors including Financial Services, Health, and Energy, Utilities and Mining sectors both in industry roles as well as within professional services roles.
Robert Lang is the CTO of OpenMarkets, a digital trading platform that provides retail investors, traders, advisers, robo-advisers, brokers and financial intermediaries with a suite of innovative brokerage services for trading on the Australian securities markets.
Previously he was CEO of Auggd, a market leading startup in AR/VR products and services. From 2007-2013, Rob led the technology and software development for all SMARTS products as CTO, including managing the technology transition to Nasdaq when SMARTS was acquired in 2010. From 2013 through 2016, Rob lead the SMARTS and TradeGuard businesses inside Nasdaq and was GM of the Nasdaq Australia office. Prior to 2007, Rob spent 10 years in various technology management roles mostly in Silicon Valley, California, producing hardware products in the computer graphics and image processing industry, most notably for Silicon Graphics and Nvidia. Rob received a PhD in Computer Engineering from Newcastle University in Australia in 1996 and he is an independent Board member of the Capital Markets Cooperative Research Centre (CMCRC).
Stuart Mort has 25 years of experience working in Security, from Special Duties operational work with the British Government through to heading an international security consultancy team, and then spending 12 years as Oracle’s Global Vice President of Information Security, a CISO role with the group reporting independently to President-level with full cross-corporate oversight; a fully independent Line of Business and not a sub-set of a technology team. As Optus’s CTO Cyber Security, Stuart brings extensive experience to help Optus partner with our customers as a subject matter expert, trusted advisor and thought leader to aid in addressing the security threats of today and tomorrow. As well as being a keen triathlete, having represented Australia at Age Group Level at the World Championships, Stuart is a Full Member of the Institute of Information Security Professionals, holds a Master of Laws and has served as an Expert Witness in a variety of Court cases.
Shamane Tan is the Cyber Security Advisor at Privasec, a premium Australian Security Consulting Firm and PCI QSA Company. In her previous roles, she has worked with exciting start-ups all the way to global organisations extensively across Singapore, Malaysia, and Australia. Shamane advises the C-Suite and IT Executives on the reality of the challenges they faced from the regulatory issues to cybercrime. This led her to take up this APAC role with Privasec and provide advice to businesses on uplifting their Security posture. Shamane has a passion for disruptive technologies and human factor and is the founder of the Cyber Risk meetups across Sydney, Melbourne and Singapore. The meetups offer Security Enthusiasts and Executives a unique platform to impart and exchange innovative insights. As member of the Australian Women in Security Network (AWSN), Shamane is also a huge advocate and champion for women in IT Security and is keen to encourage more people to take the step forward in the world of Cyber.
